Usually, electronic devices, such as, for example, mobile communication devices, dispose of a user interface including peripheral devices through which user inputs are made. Such peripheral devices include keypads for entering characters and numbers and microphones for acoustic input. Also, security related inputs are made using these devices, such as inputs for user authentication and further sensitive inputs which are to be protected from unauthorized access by third parties.
A conventional and widely applied method for authenticating a user includes the verification of a password or personal identification number (PIN) which the user enters using a keypad and which is validated in a user device. In particular, the validation may be made in a secure smart card, which is inserted into the user device. Such a smart-card-based user authentication is made, for example, in mobile communication devices, which usually dispose of a smart card, such as, for example, a so called SIM card, that provides functionality for identifying and/or authenticating the user towards a mobile communication network and that itself authenticates the user using a PIN.
It is one problem of the aforementioned user authentication procedure that the transmission of the secure password or PIN from the peripheral keypad to the smart card bears the risk to be put a trace on or to be otherwise tampered with. In addition, there is the risk that an unauthorized third party spies out the password or PIN and gains access to the device and/or a service relying on such authentication procedure in place of the authorized user. Furthermore, the user could also provide the password or PIN to a third person by choice in order to allow the third person to gain access. Thus, in other words, a successful verification of the entered password or PIN does not guarantee that the input thereof has been made by the authorized user.
DE 103 53 068 A1 describes a method for authenticating a user of a mobile phone on the basis of her voice profile. In this method, the voice of the user is captured by a microphone of the mobile phone and the voice recording is transmitted to a service, which authenticates the user by checking the voice sample. A corresponding control program may be stored in the SIM card of the mobile phone.
It is known that the voice is a unique biometric feature of the user. A speech-based user authentication has the advantage that it requires a voice recording of the user authorized in order to be successful, while voice samples spoken by a third person will not allow for a successful user authentication. However, there is still the problem that a peripheral microphone is used for the voice input which could be put a trace on or which could be otherwise tampered with. This problem is not limited to voice inputs used for authenticating the user, but also appears in connection with other voice inputs which are made using the microphone.